Tag Archives: web-server

Private DNS Domains: Creating SSL Certs for Your Web Servers and Devices That Access Them (Updated November 23, 2023)

Leave a reply

It’s pretty easy to get a growing internal network going at home now with devices getting cheaper and whatnot. But I myself don’t particularly don’t feel the need to expose them to the internet and only use them for myself. But I don’t like the nagging from Chrome about how this site is not secure for whatever reason on my Desktop or my tablet or phone. So I sat down this weekend and worked out how to create a cert for my web serving stuff and a CA cert for my end-use devices that made Chrome be quiet and happy and think everything was nice and secure. Here’s how I did it for the server side, later tomorrow or today I will add a post on how to do the client cert for you.

Install openssl on your working machine and buckle up!

Once you have openssl installed you need to do this twice, once for the Web servers and once for the CA for the end-user devices to accept that cert you made before.

The first thing is to generate a configuration file because we are going to make a wildcard certificate to keep from having to generate a cert for each server independently! Here’s the configuration example:

[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[ req_distinguished_name ]
countryName        = US
stateOrProvinceName = Texas
localityName       = Who Hee
organizationName   = Your Org
organizationalUnitName= Your Org Name
commonName = *.yourinternaldomain.local

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = yourinternaldomain.local
DNS.2 = *.yourinternaldomain.local

(Added more depth to CNF file)

Ok on *nix you can pretty much save that in whatever directory you are going to run the openssl command from as it will assume based on the prompt that it exists wherever it was executed from. Save the file as: openssl.cnf

On Windows, you need to change the below (like literally the text that follows below) areas where the openssl.cnf is mentioned to point to where the config is saved in the prompt.

Generate the Signing Key

Next up we generate the signing key:

openssl genrsa -out privkey.pem 2048

That is it!

Generate the Certificate Signing Request

Now we have to generate the CSR for generating our actual server cert.

openssl req -new -key privkey.pem -out csr.pem -config openssl.cnf (Updated to add -config option to CSR request)

That was nice and easy as well, now onto generating the server’s certificate!

Create the Actual Server Certificate

Now to the almost final step which is to create the cert to be installed on all the internal servers.

openssl x509 -req -days 365 -in csr.pem -signkey privkey.pem -out cert.pem -extensions req_ext -extfile openssl.cnf

Here is where we reference the openssl.cnf to get our wildcard cert. Remember Windows users to input the complete DOS path and use quotes if it has spaces to the actual cnf file.

Once Last Thing For Those Special Needs Servers

For those servers (i.e. Synology) that require a Full Chain pem file as well you can do this from *nix.

cat cert.pem privkey.pem > fullchain.pem

Ok, the server cert is done, you should be able to add it to your web servers now. I’ll be putting up the client portion for Android and Windows client CA certs sometime later today or tomorrow so that the annoying Chrome nag screen goes away.

John

New projects: Web-Based Image Manipulators

Leave a reply

What is it and where is it…

If you’re looking for straightforward tools to manipulate your images without the need for sophisticated software, you might want to look into a few scripts I developed. They are written in PHP and HTML5 with a lot of JS, and they are all widely used for server-side scripting. The functionality of these scripts allows users to perform basic image manipulations such as resizing and rotating images, cropping and format conversion.

Being compatible with the most common image formats like BMP, PNG, and JPG, it ensures that the largest audience can utilize its features without compatibility issues. The user interface is designed to be very easy to use, even for those who may not have extensive technical skills. This makes it suitable for anyone needing quick image adjustments without the need for detailed knowledge of image editing.

To make it accessible to everyone, I’ve hosted this script online where you can easily find it. To get started with adjusting your images, you just need to visit the following links: Resize, Crop, Convert. Here, you can upload your images and choose the desired operation – whether you want to change its size, alter its orientation, change format or whatever. These tools are learning tools and demonstrate the basics of PHP and HTML5 for simple but complex tasks. Now they may not operate the way you want but don’t abuse them or they won’t work at all. They are behind a cloudflare tunnel so there is a maximum file size limit so don’t try to convert a bunch or a large image.

Moreover, owing to their simplicity and ease of use, it’s an excellent solution for everyday image processing tasks. Whether you’re running a blog, managing a website, or even just looking to adjust some images for personal use, these PHP and HTML5 scripts aim to provide a no-fuss solution and demonstrate to you how simple things can be helpful and easy to make for one off projects. I will be uploading the code one day when I get it cleaned up and documented here: Github.com

John

Link in Bio Style Hosting Available

Leave a reply

I’ve opened up a LinkStack server for the public that people can use instead of paying for an online service to host their Bio links for sites like Facebook or Instagram. You can sign up here for your account: https://bio.shrt.ninja

Don’t abuse it and you won’t be banned or have your account removed, just enjoy something free to use!

John